Index

How to run the tool

Extract the contents of the .zip file. It contains a .txt file and the Health Check tool.

Right-click on the Agent Health Check tool script (.ps1 file) and then select Run with PowerShell.

If you are unable to resolve an issue with the tool, contact Customer Support with the output file from the script. Refer to Zip the folder and contact Support section of this article.

Considerations

This tool works for Windows-based devices and uses PowerShellversions 2.0 and above.

Windows 7 SP1 ships with PowerShell 2.0 included. Earlier operating systems will require you to install the Windows Management Framework to use PowerShell.

You should set the execution policy on your device to Unrestricted. To set the policy, use the PowerShell Execution Policy [WIN] component available from the ComStore or run the following command: Set-ExecutionPolicy Unrestricted.

You cannot run the Agent Health Check tool as a component as it requires user input. If you have set the tool to run as a component, the tool will exit gracefully.

The Agent Health Check tool does not come in component form because it is designed to triage devices where the agent may not be capable of running components.

You must run the tool with administrative privileges for full system analysis. If you do not run the tool as an Administrator, the software will prompt the user to either run as an Administrator or continue regardless. Without administrative privileges, the tool will be unable to access some of the operational agent data located in C:\Windows\System32.

If the log files do not appear in the same directory as the tool, check C:\Windows\System32 as some applications may alter the path.

Which checks does the tool perform?

Section III serves to collect the logs taken from the previous two pages.

Section I: Network Connectivity

The tool will verify that you are running the script with administrative privileges. If not, it will prompt you to relaunch as an administrator or continue without the tool's full feature set.

If you have a proxy set up, choose the 6th option, as it will allow the tool to test using the proxy.

If you select to use a proxy, the tool will attempt to use Internet Explorer's proxy settings. If the tool does not find any, it will continue. The Proxy Server will prompt you to enter credentials if it requires them.

Choose your Datto RMM platform. If you have an agent installed, the tool will detect this and offer the ability to use the platform the agent is using (option 0). If you do not have an agent installed, you won't see the agent platform option.

After selecting your platform, the tool will attempt to contact the various URLs and IPs associated with Datto RMM. You can find these URLs and IPs listed in Whitelisting requirements for IP addresses and URLs (Datto RMM Online help). You'll see the results displayed on the screen. More verbose information is saved to a log file that you can export after the tool finishes the checks.

The platform check also determines what the latest version of the agent is and displays the results. If the check finds any failures, the tool will record them in the logs at the end of the session.

Section II: Endpoint health

The tool performs the following agent and endpoint checks:

Are the monitoring agent and agent services running and up-to-date?

Are there any errors in the monitoring agent log?

Are there any other copies of NLog.dll causing clashes with our own?

The Datto RMM Agent requires a minimum of Windows XP SP3 with .NET Framework 4.0.3 to function. Is the .NET Framework version installed of a valid version?

The Datto RMM Agent does not support Federal Information Processing Standards (FIPS). Does the device enforce FIPS compliance?

Does the system drive have at least 1GB of free space?

Are there any recent agent service-related errors in the Windows Event Log?

Are there any values in the registry that are known to cause issues during the audit process?

Are the record files the agent keeps valid and verifiable?

Is the device's local clock accurate?

Having a clock that is inaccurate by more than a few minutes can cause SSL connectivity issues.

Does the device have an agent policy targeted towards it that disables support or jobs?

While this is a supported configuration, it may be that such a policy was activated and then forgotten about.

Is the device able to submit monitoring data properly?

Is the monitoring agent functioning correctly?

Are the monitoring agent's records valid and verifiable?

Are there any failed Monitoring alerts?

A list of results will populate.

The tool will prompt the user to run the Microsoft .NET analysis and repair utility.

The analysis may take a few minutes to perform. The tool will download the utility unless a local copy is already present on the machine.

The tool will prompt for the user to run the Microsoft WMI analysis and repair utility (a VBS file).

The WMI analysis and repair may take more than 15 minutes to run.

Section III: Logs

The tool will offer to collect all agent log files into a single folder ready for archiving.

If the tool has administrative privileges, it will also collect operational files from C:\Windows\System32, which can aid problem analysis.

The tool will prompt to save all of the information it has collected into a single, verbose LOG file.

Zip the folder and contact Support

The Agent Health Check tool produces a 7Zip file named after the endpoint's hostname and a string indicating the time that the tool ran.